
2013-07-03 Website Hosting at Vilnius University by Eligijus Račkauskas senior programmer at VU ITTC


Page 1: 2013-07-03 Website Hosting at Vilnius University by Eligijus Račkauskas senior programmer at VU ITTC

2013-07-03

Website Hosting at Vilnius University

by Eligijus Račkauskas

senior programmer at VU ITTC

Page 2

• 596 hosted websites in several groups:
– main website of the University and University news websites
– University departments/subdivisions
– University projects and conferences
– University staff blogs
– websites of other Lithuanian research and education institutions (schools, kindergartens etc.)

info.tinklas.vu.lt

749th on the Webometrics ranking (January 2013)

2013-07-03 VU, ITTC

Page 3

Hardware

• SUN SPARC T5220 (8 CPUs, 8 cores each)
– LDOM or Zones
• VMware
• SAN and NAS storage
– 2 GB by default
– 1 GB for schools, 0.5 GB for blogs
– extra space on demand

Page 4

Software

Open source:
• Solaris
• Apache
• suPHP
• PHP
• MySQL

Most used CMS:
• WordPress
• Joomla

CMS ImpressPages (developed by Lithuanian programmers)

Page 5

Securing websites (1)

11 compromised websites detected during the last half year, mainly due to outdated CMS.

Hackers now try:
• Intensive password guessing on WordPress and Joomla from botnets
• Well-known CMS holes
• SQL injection attacks
• Spamming of web forms (leaving comments, sending mail)

Hack, sit quiet for a month or two, and then begin spamming or do something else.

Page 6

Securing websites (2)

PHP
• allow_url_fopen Off
• allow_url_include Off
• disable_functions system, exec, shell_exec, passthru, proc_close, proc_get_status, proc_open, proc_nice, proc_terminate, popen, pclose, symlink, link, disk_free_space, disk_total_space, highlight_file, chown, chgrp
• display_errors Off
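The four php.ini settings above only help in the php.ini that PHP actually loads, and with suPHP every virtual host can point at its own file (suPHP_ConfigPath), so on a host with several hundred sites it pays to check each file mechanically. The audit script below is an added example for this page, not the presenter's tooling: it reads php.ini text and reports every deviation from the slide's baseline. The two sample ini texts are constructed; WEAK_INI resembles a stock php.ini, HARDENED_INI carries the slide's settings.

```python
"""Audit php.ini text against the hardening baseline on the slide.

Added example for this page, not the presenter's tooling.  The baseline
is exactly the slide's list; the two sample ini texts are constructed.
"""

# The three switches the slide turns Off, with PHP's built-in default for
# each, used when a php.ini does not mention the directive at all.
BASELINE_OFF = {
    "allow_url_fopen": "1",    # default On: fopen()/include accept http:// URLs
    "allow_url_include": "0",  # default Off (since PHP 5.2)
    "display_errors": "1",     # default On: paths and SQL fragments shown to visitors
}

# disable_functions must cover at least these names (the slide's list).
BASELINE_DISABLED = {
    "system", "exec", "shell_exec", "passthru",
    "proc_close", "proc_get_status", "proc_open", "proc_nice", "proc_terminate",
    "popen", "pclose", "symlink", "link", "disk_free_space", "disk_total_space",
    "highlight_file", "chown", "chgrp",
}

# Constructed sample: what a stock php.ini tends to look like.
WEAK_INI = """
[PHP]
allow_url_fopen = On
display_errors = stderr      ; not "On", but PHP still treats it as enabled
disable_functions =
"""

# Constructed sample: the settings from the slide.
HARDENED_INI = """
[PHP]
allow_url_fopen = Off
allow_url_include = Off
display_errors = Off
disable_functions = system, exec, shell_exec, passthru, proc_close, proc_get_status, proc_open, proc_nice, proc_terminate, popen, pclose, symlink, link, disk_free_space, disk_total_space, highlight_file, chown, chgrp
"""


def parse_ini(text):
    """Minimal php.ini reader: ';' starts a comment, [sections] are ignored,
    'key = value' pairs are returned with lower-cased keys and quotes stripped."""
    directives = {}
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].strip()
        if not line or line.startswith("[") or "=" not in line:
            continue
        key, value = line.split("=", 1)
        directives[key.strip().lower()] = value.strip().strip('"')
    return directives


def is_on(value):
    """PHP's boolean reading of an ini value: only these spellings mean Off;
    any other non-empty string (e.g. 'stderr') leaves the feature enabled."""
    return value.strip().lower() not in ("", "0", "off", "false", "no", "none")


def audit(text):
    """Return [(directive, problem), ...]; an empty list means the baseline is met."""
    d = parse_ini(text)
    findings = []
    for key, default in BASELINE_OFF.items():
        value = d.get(key, default)
        if is_on(value):
            shown = value if key in d else "unset (PHP default %s)" % default
            findings.append((key, "is %s, must be Off" % shown))
    disabled = {f.strip().lower() for f in d.get("disable_functions", "").split(",") if f.strip()}
    missing = BASELINE_DISABLED - disabled
    if missing:
        findings.append(("disable_functions", "missing: " + ", ".join(sorted(missing))))
    return findings


if __name__ == "__main__":
    for name, ini in (("weak", WEAK_INI), ("hardened", HARDENED_INI)):
        print(name + ":")
        for directive, problem in audit(ini) or [("all directives", "meet the baseline")]:
            print("  %-18s %s" % (directive, problem))
```

Note the boolean handling: PHP reads `display_errors = stderr` as enabled, so a naive comparison against the string "On" would miss it. Of the four directives, `display_errors` is PHP_INI_ALL and a site's own code can switch it back on with `ini_set()`; `allow_url_fopen`, `allow_url_include` and `disable_functions` are PHP_INI_SYSTEM and stay as the hosting php.ini sets them.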

Page 7

Securing websites (3)

• FTP access only from Lithuanian ISPs
• WordPress and Joomla login pages only from Lithuania or the University network
• Monitoring by Nagios and Cacti, SMS alerts
• Cron scripts count POST requests from Apache logs
• Other tools like paranoia and suspicion
• Blocking suspicious IPs on Apache or ipfilter
• Disabling the abusing website
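One shape the "cron scripts count POST requests from Apache logs" job can take, written in Python as an added example for this page (not the presenter's script): it parses combined-format access log lines, counts POSTs per client IP, separately counts POSTs to the WordPress and Joomla login pages, skips an allow-listed network (assumed to be 10.0.0.0/8, standing in for the University network), and emits Apache 2.2 `Deny from` lines and ipfilter rules for the offenders. The thresholds are assumptions and the log lines are constructed, with addresses from the RFC 5737 documentation ranges.

```python
"""Count POST requests per client in Apache combined-format logs and emit
block rules for the noisy ones.

Added example for this page, not the presenter's cron script.  Thresholds
and the allow-listed network are assumptions; the log lines are constructed.
"""
import ipaddress
import re
from collections import Counter

# Apache "combined" LogFormat: host ident user [time] "request" status bytes "referer" "agent"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+)(?: \S+)?" (?P<status>\d{3}) \S+'
)

# Login endpoints of the two CMSes named on the slide.
LOGIN_PATHS = ("/wp-login.php", "/administrator/index.php")

# Assumed: clients in here are never blocked (stands in for the University network).
ALLOW_NETS = [ipaddress.ip_network("10.0.0.0/8")]

# Constructed log lines (RFC 5737 documentation addresses).
SAMPLE_LOG = (
    # botnet node guessing WordPress passwords
    ['203.0.113.5 - - [03/Jul/2013:10:00:%02d +0300] "POST /wp-login.php HTTP/1.1" 200 3421 "-" "Mozilla/5.0"' % i
     for i in range(6)]
    # second node working on a Joomla administrator login
    + ['198.51.100.7 - - [03/Jul/2013:10:01:%02d +0300] "POST /administrator/index.php HTTP/1.1" 200 5110 "-" "curl/7.21"' % i
       for i in range(5)]
    # comment spammer: many POSTs, none of them to a login page
    + ['198.51.100.8 - - [03/Jul/2013:10:02:%02d +0300] "POST /wp-comments-post.php HTTP/1.1" 302 0 "-" "Mozilla/4.0"' % i
       for i in range(25)]
    # staff member on the (assumed) University network mistyping a password
    + ['10.1.2.3 - - [03/Jul/2013:10:03:%02d +0300] "POST /wp-login.php HTTP/1.1" 200 3421 "-" "Mozilla/5.0"' % i
       for i in range(7)]
    # ordinary visitor who logs in once
    + ['192.0.2.9 - - [03/Jul/2013:10:04:00 +0300] "GET /index.php HTTP/1.1" 200 8812 "-" "Mozilla/5.0"',
       '192.0.2.9 - - [03/Jul/2013:10:04:05 +0300] "POST /wp-login.php HTTP/1.1" 302 0 "-" "Mozilla/5.0"']
)


def parse(line):
    """Matched fields as a dict, or None for a line not in combined format."""
    m = LOG_RE.match(line)
    return m.groupdict() if m else None


def count_posts(lines):
    """Two Counters keyed by client IP: all POSTs, and POSTs to login pages."""
    total, login = Counter(), Counter()
    for line in lines:
        rec = parse(line)
        if rec is None or rec["method"] != "POST":
            continue
        path = rec["path"].split("?", 1)[0]  # ignore query strings such as ?action=lostpassword
        total[rec["ip"]] += 1
        if path in LOGIN_PATHS:
            login[rec["ip"]] += 1
    return total, login


def is_allowed(ip):
    try:
        addr = ipaddress.ip_address(ip)
    except ValueError:
        return False  # hostname or junk in the host field: never allow-list it
    return any(addr in net for net in ALLOW_NETS)


def suspicious_ips(lines, login_threshold=5, post_threshold=20):
    """Map offending IP -> reason.  Either threshold trips it, allow-listed
    networks are skipped, and the login reason wins when both apply."""
    total, login = count_posts(lines)
    flagged = {}
    for ip, n in login.items():
        if n >= login_threshold and not is_allowed(ip):
            flagged[ip] = "%d POSTs to a login page" % n
    for ip, n in total.items():
        if n >= post_threshold and not is_allowed(ip) and ip not in flagged:
            flagged[ip] = "%d POSTs in total" % n
    return flagged


def block_rules(ips):
    """Apache 2.2 'Deny from' lines (for an Order allow,deny block) and
    ipfilter rules, one per offending address."""
    apache = ["Deny from %s" % ip for ip in sorted(ips)]
    ipf = ["block in quick from %s to any" % ip for ip in sorted(ips)]
    return apache, ipf


if __name__ == "__main__":
    flagged = suspicious_ips(SAMPLE_LOG)
    for ip, why in sorted(flagged.items()):
        print("%-15s %s" % (ip, why))
    apache, ipf = block_rules(flagged)
    print("\n".join(apache + ipf))
```

Run from cron, the script would read the day's access_log instead of SAMPLE_LOG. An ipfilter rule is host-wide and cuts the client off from every hosted site, while a `Deny from` inside a `<Files wp-login.php>` or `<Location /administrator>` block is scoped to the login page, which matters on a shared host with 596 sites. WordPress answers a failed login with a 200 and re-renders the form, and a successful one with a 302 redirect, so restricting the login counter to status 200 would sharpen the signal further.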

Page 8

When a compromise is detected

• Block the website (whole or a part of it)
• Search for the vulnerability
• Patch the hole / restore the website
• Inform the website's administrator about the incident
• Check other sites for the same vulnerabilities
• Apply preventive measures

Page 9

Staff blogs

• web.vu.lt/department/n.surname
• WordPress account or "free" resources
• Mostly used for teaching purposes (summaries, assignments etc.)
• WordPress Multisite
– one installation per department
– slightly adapted core for account names containing a dot
• a few lines in wp-admin/network/site-new.php and .htaccess

Page 10

Problems

• Outdated Content Management Systems (CMS)
– targets for hackers
– forced to support old PHP versions
• Website administrators lacking IT experience (mainly non-IT staff)
• Growing flow of junk
• No possibility to use reverse proxy servers

Page 11

Future plans

• Move websites to the VMware environment
• Use FastCGI
• Get into the top 500 on Webometrics

Page 12

Something more

• SSO
• https://filesender.vu.lt/
• http://problemos.tinklas.vu.lt/
• DokuWiki
• http://www.epaslaugos.vu.lt/

Page 13

Questions

Page 14

Thank you for your attention!